what you don't know can hurt you

Quake 3 Denial Of Service

Quake 3 Denial Of Service
Posted Mar 27, 2012
Authored by Simon McVittie

Quake 3-based servers suffer from a distributed denial of service vulnerability.

tags | advisory, denial of service
MD5 | aed5a53903d7cf47fea5f7cfecf20470

Quake 3 Denial Of Service

Change Mirror Download
It has been discovered that spoofed "getstatus" UDP requests are being
used by attackers[0][1][2][3] to direct status responses from multiple
Quake 3-based servers to a victim, as a traffic amplification mechanism
for a denial of service attack on that victim.

Open-source games derived from the Quake 3 engine are typically based on
ioquake3 [4], a popular fork of that engine. This vulnerability was
fixed in ioquake3 svn revision 1762 (January 2010) [5] by applying a
rate-limit to the getstatus request. Like several other known and fixed
vulnerabilities, it is not fixed in the latest official ioquake3 release
(1.36, April 2009).

If a CVE ID is allocated for this vulnerability, please reference
ioquake3 r1762 prominently in any advisory.

Fixed versions of various open-source games based on Quake III Arena,
mostly based on visual inspection of their source code:

* ioquake3 svn >= r1762
* OpenArena >= 0.8.8
* OpenArena engine snapshot >= 0.8.x-20
* World of Padman >= 1.5.4
* Tremulous svn trunk >= r1953
* Tremulous svn, gpp branch >= r1955
* Smokin' Guns >= 1.1b4
* Smokin' Guns svn 1.1 branch >= r472

Vulnerable older versions include:

* ioquake3 engine 1.36
* OpenArena 0.8.5
* World of Padman 1.5
* Tremulous 1.1.0
* Tremulous Gameplay Preview 1 (GPP1)
* Smokin' Guns svn trunk at the time of writing (r181)

Proprietary games based on the Quake 3 engine (Quake III Arena
when played using its official engine, Star Wars: Jedi Outcast and Jedi
Academy, Star Trek: Elite Force 1 & 2, etc.) are also likely to be
vulnerable.

Proprietary games being run under the ioquake3 engine (Quake III Arena
when using ioquake3, Urban Terror when using ioUrbanTerror, etc.) may be
vulnerable or not vulnerable, depending on the version of ioquake3 used.

[0]
http://lists.ioquake.org/pipermail/ioquake3-ioquake.org/2012-January/004778.html
[1] http://openarena.ws/board/index.php?topic=4391.0
[2] http://www.urbanterror.info/forums/topic/27825-drdos/
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656
[4] http://ioquake3.org/
[5] http://icculus.org/pipermail/quake3-commits/2010-January/001679.html

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close